jair101 Posted January 25, 2017 Posted January 25, 2017 I think it will help a lot with the copyright issue if the image proxy adds a backlink to the source. So i embed an image from domain.com/img.jpg, the script downloads the image in the proxy cache, replaces the embed and adds a link below: source:domain.com/img.jpg. Something like that.
EmpireKicking Posted January 25, 2017 Posted January 25, 2017 19 hours ago, bradl said: Systems → Settings → Posting although I usually get to it by typing SSL in the ACP search pane and it pops up automatically. I have it enable on one of the website that hasn't got SSL
EricT Posted January 25, 2017 Posted January 25, 2017 3 hours ago, EmpireKickass said: I have it enable on one of the website that hasn't got SSL Interesting, and it works as expected too ?
EmpireKicking Posted January 25, 2017 Posted January 25, 2017 23 minutes ago, EricT said: Interesting, and it works as expected too ? yep. no errors
Simon Woods Posted January 26, 2017 Posted January 26, 2017 Chrome 56 is out -- http sites are now marked as insecure.
Colonel_mortis Posted January 26, 2017 Posted January 26, 2017 The next release of Firefox will insecure login forms in the same way as the latest Chrome release, and they are also planning in the future to add a more scary warning https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
Rhett Posted January 26, 2017 Posted January 26, 2017 For sites using ssl for logins only, there will be a fix in 4.1.18 (next release) to address this.
Simon Woods Posted January 26, 2017 Posted January 26, 2017 6 minutes ago, Rhett said: For sites using ssl for logins only, there will be a fix in 4.1.18 (next release) to address this. To confirm: this means that using ssl for logins only will apply to all pages that have the login drop-down?
Management Charles Posted January 26, 2017 Management Posted January 26, 2017 Version 4.1.18 will change it so if you have HTTPS logins enabled but do not have your entire site on HTTPS then the login link will not be a dropdown but instead send the visitor to the full login page on HTTPS.
Simon Woods Posted January 26, 2017 Posted January 26, 2017 18 minutes ago, Charles said: Version 4.1.18 will change it so if you have HTTPS logins enabled but do not have your entire site on HTTPS then the login link will not be a dropdown but instead send the visitor to the full login page on HTTPS. Sounds good to me -- I would much rather see people encouraged to use full SSL. I have also just discovered that for sites on IPS Cloud, you get help from IPS: And again I feel relieved to have chosen IPS as hosts as well as makers of the software.
Apfelstrudel Posted January 26, 2017 Author Posted January 26, 2017 @Charles: But please do not forget the register page and the password control center. All pages transferring sensitive data will cause this warning in Chrome. And I don't want to let the register rate going down because the first thing new users see is the pw warning directly at the register page.
Management Charles Posted January 26, 2017 Management Posted January 26, 2017 Just now, Apfelstrudel said: @Charles: But please do not forget the register page and the password control center. All pages transferring sensitive data will cause this warning in Chrome. And I don't want to let the register rate going down because the first thing new users see is the pw warning directly at the register page. Those pages are already accounted for by the HTTPS setting. The change in 4.1.18 is to remove the drop down box that shows on every page. Even though it sent its data to a HTTPS page, Google was still warning because the field itself may not have been on an HTTPS page.
Apfelstrudel Posted January 27, 2017 Author Posted January 27, 2017 13 hours ago, Charles said: Those pages are already accounted for by the HTTPS setting. Charles, just checked this ssl-on-login-only setting on my test server but the register page is still a http page (using the standard register links). This page also contains pw fields which will cause a warning. Enabling this setting should replace the http:register with https:register links (or doing a redirect). The same with the pw control center.
Dave Baker Posted January 31, 2017 Posted January 31, 2017 The SSL login setting is at AdminCP -> System (mouseover) --> Settings header -> Login Handlers --> Login Settings button --> Use "https for logins and the AdminCP?" slider --> Save button I am running 4.1.18.
marklcfc Posted February 8, 2017 Posted February 8, 2017 I've had a free cpanel ssl activated for the past month or so, is this recommended as hosts have since said "Please bare in mind this is using a free cPanel SSL currently so isn't providing as much verification as a paid for SSL." Should I be paying for this instead for better ssl?
Colonel_mortis Posted February 8, 2017 Posted February 8, 2017 16 minutes ago, marklcfc said: I've had a free cpanel ssl activated for the past month or so, is this recommended as hosts have since said "Please bare in mind this is using a free cPanel SSL currently so isn't providing as much verification as a paid for SSL." Should I be paying for this instead for better ssl? That is just your host trying to get more money out of you. Unless you pay a large amount of money for an EV certificate (which is what this site uses, though the EV status seems to have been revoked by Firefox...), there is no difference in what is displayed to users between a free certificate and a paid certificate, and no difference in the actual security of your site.
Subseven Posted March 10, 2017 Posted March 10, 2017 I've been flagged, changed hosts, using a free provided SSL, upgraded, activated HTTPS on logins, and also set my images for caching. Now I requested a review from Google. God. This has been a pain.
Joy Rex Posted March 10, 2017 Posted March 10, 2017 1 hour ago, Subseven said: I've been flagged, changed hosts, using a free provided SSL, upgraded, activated HTTPS on logins, and also set my images for caching. Now I requested a review from Google. God. This has been a pain. You might want to use Chrome's Developer Tools (F12) on Windows or right-click --> Inspect Element to bring them up, and look under the Network tab on your forum pages to see which items specifically are not being served over HTTPS to help troubleshoot the problem.
Subseven Posted March 10, 2017 Posted March 10, 2017 43 minutes ago, Joy Rex said: You might want to use Chrome's Developer Tools (F12) on Windows or right-click --> Inspect Element to bring them up, and look under the Network tab on your forum pages to see which items specifically are not being served over HTTPS to help troubleshoot the problem. Thanks. It appears they are all https. Tennesseeanglers.com/forums/
Joy Rex Posted March 10, 2017 Posted March 10, 2017 5 hours ago, Subseven said: Thanks. It appears they are all https. Tennesseeanglers.com/forums/ Hmmm - I can't even visit your site - not only does Chrome 57 bark about it being "potentially dangerous", but the McAfee proxy at work caught it identifying it as having PUP (potentially unwanted programs).
The Old Man Posted March 11, 2017 Posted March 11, 2017 Hi @Subseven I entered your URL into Whynopadlock.com which helped me when I converted, and it looks like it's your profile images that are absolute URLs. I had this issue and ran a query to covert them to https via phpmyadmin. Hope this helps. Regards, Graham Domain Name: Tennesseeanglers.comURL Tested:https://Tennesseeanglers.com/forums/Number of items downloaded on page: 60 Valid Certificate found. Certificate valid through: Feb 17 01:29:00 2018 GMTCertificate Issuer: GoDaddy.com, Inc. SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2 Total number of items: 60Number of insecure items: 15 Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-1.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-1204.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-100.gifFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-196.jpegFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-948.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-1009.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-95.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-123.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-118.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-719.gifFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-1259.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-144.gifFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-727.gifFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-1291.pngFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-199.jpgFound in: https://tennesseeanglers.com/forums/ Secure calls made to other websites: tennesseeanglers.com is valid and secure.
Subseven Posted March 11, 2017 Posted March 11, 2017 1 hour ago, The Old Man said: Hi @Subseven I entered your URL into Whynopadlock.com which helped me when I converted, and it looks like it's your profile images that are absolute URLs. I had this issue and ran a query to covert them to https via phpmyadmin. Hope this helps. Regards, Graham Domain Name: Tennesseeanglers.comURL Tested:https://Tennesseeanglers.com/forums/Number of items downloaded on page: 60 Valid Certificate found. Certificate valid through: Feb 17 01:29:00 2018 GMTCertificate Issuer: GoDaddy.com, Inc. SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2 Total number of items: 60Number of insecure items: 15 Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-1.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-1204.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-100.gifFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-196.jpegFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-948.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-1009.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-95.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-123.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-118.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-719.gifFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-1259.jpgFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-144.gifFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-727.gifFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-1291.pngFound in: https://tennesseeanglers.com/forums/ Insecure URL:http://tennesseeanglers.com/forums/uploads/profile/photo-thumb-199.jpgFound in: https://tennesseeanglers.com/forums/ Secure calls made to other websites: tennesseeanglers.com is valid and secure. THANKS! Can you tell me exactly what the query was?
Rhett Posted March 11, 2017 Posted March 11, 2017 Please don't run any manual queries, they are not needed nor recommended, if you need assistance, please submit a ticket and we can assist you. The only thing needed to clear that in most cases is running the support tool to clear the cache after changing to https though.
opentype Posted March 11, 2017 Posted March 11, 2017 7 minutes ago, Rhett said: Please don't run any manual queries, they are not needed nor recommended, if you need assistance, please submit a ticket and we can assist you. The only thing needed to clear that in most cases is running the support tool to clear the cache after changing to https though. What about all the http images from external source embedded into forum posts after the switch to SSL? Clearing the cache doesn’t fix that.
Rhett Posted March 11, 2017 Posted March 11, 2017 Just now, opentype said: What about all the http images from external source embedded into forum posts after the switch to SSL? Clearing the cache doesn’t fix that. It doesn't change change past images yet, this is coming though.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.